Just had the joy of having to deal with the backscatter of
a spam run with
addresses from my domains (nonexistent boxes though) as sender.
And while my Mimedefang setup is reasonably
sophisticated, that run actually showed yet another minor loophole.

Minor as in "nothing bad happens that affects the public" but not minor
otherwise: I got postmaster-bounces of every single "thanks for your bounce
of the spam, but there is no such address here anyway". About 200 of them
every few minutes.

Well, no longer. Mimedefang now fully checks whether cyrus boxes exist before
letting sendmail get its greedy paws on the stuff. Still, the effort
necessary to keep the assholes out but the good mail arriving at the same
time is quite annoying.